client key distro is close to done

git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1081 29311d96-e01e-0410-9327-a35deaab8ce9

branches/aleung/security1/ceph/client/Client.cc

@@ -641,9 +641,11 @@ void Client::handle_auth_user_ack(MClientAuthUserAck *m)
 
   // put the ticket in the ticket map
   // **
-  user_ticket[uid] = m->get_ticket();
+  cout << "Got ticket for uid: " << uid << endl;
+  user_ticket[uid] = m->getTicket();
 
   // wait up the waiter(s)
+  // this signals all ticket waiters
   cout << "Entering for loop" << endl;
   for (list<Cond*>::iterator p = ticket_waiter_cond[uid].begin();
        p != ticket_waiter_cond[uid].end();
@@ -659,12 +661,25 @@ void Client::handle_auth_user_ack(MClientAuthUserAck *m)
 
 Ticket *Client::get_user_ticket(uid_t uid, gid_t gid)
 {
+  cout << "Requesting ticket for uid: " << uid << ", gid: " << gid << endl;
   // do we already have it?
   if (user_ticket.count(uid) == 0) {
     Cond cond;
     string username;  // i don't know!
-    string key;       // ...
+    string key;       // get from cache or make it now
 
+    // no key, make one now
+    // this should be a function with some
+    // security stuff (password) to gen key
+    if (user_pub_key.count(uid) == 0) {
+      esignPriv privKey = esignPrivKey("crypto/esig1536.dat");
+      esignPub pubKey = esignPubKey(privKey);
+      user_priv_key[uid] = &privKey;
+      user_pub_key[uid] = &pubKey;
+    }
+    key = pubToString(*(user_pub_key[uid]));
+
+    // if no one has already requested the ticket
     if (ticket_waiter_cond.count(uid) == 0) {
       // request from monitor
       int mon = monmap->pick_mon();
@@ -683,8 +698,10 @@ Ticket *Client::get_user_ticket(uid_t uid, gid_t gid)
     
     cout << "Waiting for a Wait" << endl;
     // naively assume we'll get a ticket FIXME
-    while (user_ticket.count(uid) == 0) 
+    while (user_ticket.count(uid) == 0) { 
+      cout << "user_ticket.count(uid) = " << user_ticket.count(uid) << endl;
       cond.Wait(client_lock);
+    }
 
     cout << "Did I break the loop?" << endl;
   }
@@ -2202,7 +2219,7 @@ int Client::open(const char *relpath, int flags, __int64_t uid, __int64_t gid)
   client_lock.Lock();
 
   Ticket *tk = get_user_ticket(getuid(), getgid());
-  cout << "Returned from ticket call" << endl;
+
   if (!tk) {
     client_lock.Unlock();
     return -EPERM;

branches/aleung/security1/ceph/client/Client.h

@@ -496,9 +496,11 @@ protected:
   map<uid_t,Ticket*> user_ticket;
   map<uid_t,int>     user_ticket_ref;
   map<uid_t,list<Cond*> >   ticket_waiter_cond;
+  map<uid_t,esignPub*> user_pub_key;
+  map<uid_t,esignPriv*> user_priv_key;
 
-  // user map?
-  //map<uid_t>
+  // user map
+  //map<uid_t, User*> user_identity;
 
   Ticket *get_user_ticket(uid_t uid, gid_t gid);
   void put_user_ticket(Ticket *tk);
@@ -519,7 +521,6 @@ protected:
 
   // messaging
   void dispatch(Message *m);
-
   void handle_mount_ack(class MClientMountAck*);
   void handle_unmount_ack(Message*);
   void handle_mds_map(class MMDSMap *m);

branches/aleung/security1/ceph/crypto/Ticket.h

@@ -84,7 +84,6 @@ public:
   }
 
   void sign_ticket(esignPriv privKey) {
-    cout << "Trying to SIGN ticket" << endl << endl;
     byte ticketArray[sizeof(identity)];
     memcpy(ticketArray, &identity, sizeof(identity));
     signature = esignSig(ticketArray, sizeof(identity), privKey);
@@ -92,7 +91,6 @@ public:
   }
 
   bool verif_ticket (esignPub pubKey) {
-    cout << "Verifying ticket" << endl << endl;
     byte ticketArray[sizeof(identity)];
     memcpy(ticketArray, &identity, sizeof(identity));
     signature.Assign(allocSig, allocSig.size());
@@ -101,11 +99,10 @@ public:
   
 
   void decode(bufferlist& blist, int& off) {
-    cout << "About to decode BL ticket" << endl;
     
-    //int off = 0;
     blist.copy(off, sizeof(identity.uid), (char*)&(identity.uid));
     off += sizeof(identity.uid);
+    cout << "Decoded uid: " << identity.uid << endl;
     blist.copy(off, sizeof(identity.gid), (char*)&(identity.gid));
     off += sizeof(identity.gid);
     blist.copy(off, sizeof(identity.t_s), (char*)&(identity.t_s));
@@ -121,18 +118,15 @@ public:
     _decode(identity.username, blist, off);
     _decode(identity.pubKey, blist, off);
 
-    cout << "Decoded BL ticket OK" << endl;
-
   }
   void encode(bufferlist& blist) {
-    cout << "About to encode ticket" << endl;
+
     blist.append((char*)&(identity.uid), sizeof(identity.uid));
     blist.append((char*)&(identity.gid), sizeof(identity.gid));
     blist.append((char*)&(identity.t_s), sizeof(identity.t_s));
     blist.append((char*)&(identity.t_e), sizeof(identity.t_e));
     blist.append((char*)&allocSig, sizeof(allocSig));
     //blist.append((char*)&identity, sizeof(identity));
-    cout << "Encoded ticket OK" << endl;
 
     _encode(identity.iv, blist);
     _encode(identity.username, blist);

branches/aleung/security1/ceph/messages/MClientAuthUserAck.h

@@ -19,36 +19,29 @@
 #include "crypto/Ticket.h"
 
 class MClientAuthUserAck : public Message {
-  //bufferlist ticketBL;
   Ticket myTicket;
+
  public:
   MClientAuthUserAck() : Message(MSG_CLIENT_AUTH_USER_ACK) { 
   }
   MClientAuthUserAck(Ticket *ticket) : Message(MSG_CLIENT_AUTH_USER_ACK) { 
-    //ticket->encode(ticketBL);
     myTicket = (*ticket);
   }
 
   char *get_type_name() { return "client_auth_user_ack"; }
 
-  uid_t get_uid() { return 0; }  // fixme
+  uid_t get_uid() { return myTicket.get_uid(); }  // fixme
 
   Ticket *getTicket() {
     return &myTicket;
   }
 
   void decode_payload() {
-    cout << "Trying decode payload ACK" << endl;
     int off = 0;
-    //::_decode(myTicket, payload, off);
     myTicket.decode(payload, off);
-    cout << "ACK Decoded OK" << endl;
   }
   void encode_payload() {
-    cout << "Trying encode payload ACK" << endl;
-    //::_encode(myTicket, payload);
     myTicket.encode(payload);
-    cout << "ACK Encoded OK" << endl;
   }
 };
 

branches/aleung/security1/ceph/mon/ClientMonitor.cc

@@ -24,8 +24,6 @@
 
 #include "common/Timer.h"
 
-#include "crypto/Ticket.h"
-
 #include "config.h"
 #undef dout
 #define  dout(l) if (l<=g_conf.debug || l<=g_conf.debug_mon) cout << g_clock.now() << " mon" << mon->whoami << (mon->is_starting() ? (const char*)"(starting)":(mon->is_leader() ? (const char*)"(leader)":(mon->is_peon() ? (const char*)"(peon)":(const char*)"(?\?)"))) << ".client "
@@ -81,52 +79,50 @@ void ClientMonitor::handle_client_auth_user(MClientAuthUser *m)
   dout(7) << "client_auth_user from " << m->get_source() << " at " << m->get_source_inst() << endl;
   assert(m->get_source().is_client());
   //int from = m->get_source().num();
+
+  Ticket *userTicket;
   
   // grab information
   uid_t uid = m->get_uid();
-  gid_t gid = m->get_gid();
-  // ticket time = 60 minutes (too long, only for debug)
-  utime_t t_s = g_clock.now();
-  utime_t t_e = t_s;
-  t_e += 3600;
-  string name = "unknown";
-  string key = m->get_str_key();
-
-  
-  // create iv
-  char iv[RJBLOCKSIZE];
-  memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
-  string k_0 = iv;
-
-  // create a ticket
-  Ticket userTicket(uid, gid, t_s, t_e, k_0, name, key);
-
-  // sign the ticket
-  userTicket.sign_ticket(mon->myPrivKey);
-  cout << "SIGNED THE TICKET SUCCESFULY?" << endl << endl;
-
-  // test the verification
-  if (userTicket.verif_ticket(mon->myPubKey))
-    cout << "Verification succeeded" << endl;
+  // do we have a ticket already?
+  // user should be able to make new ticket eventually
+  if (user_tickets.count(uid) == 0) {
+    gid_t gid = m->get_gid();
+    // ticket time = 60 minutes (too long? too short?)
+    utime_t t_s = g_clock.now();
+    utime_t t_e = t_s;
+    t_e += 3600;
+    string name = "unknown";
+    string key = m->get_str_key();
+    
+    // create iv
+    char iv[RJBLOCKSIZE];
+    memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
+    string k_0 = iv;
+    
+    // create a ticket
+    userTicket = new Ticket(uid, gid, t_s, t_e, k_0, name, key);
+    
+    // sign the ticket
+    userTicket->sign_ticket(mon->myPrivKey);
+    
+    // test the verification
+    //if (userTicket.verif_ticket(mon->myPubKey))
+    //  cout << "Verification succeeded" << endl;
+    //else
+    //  cout << "Verification failed" << endl;
+    
+    // cache the ticket
+    user_tickets[uid] = userTicket;
+  }
   else
-    cout << "Verification failed" << endl;
-
-  // cache the ticket?
-
+    userTicket = user_tickets[uid];
   // reply to auth_user
-  cout << "send_ticket to " << m->get_source() <<
-    " inst " << m->get_source_inst() << endl;
-  messenger->send_message(new MClientAuthUserAck(&userTicket),
+  messenger->send_message(new MClientAuthUserAck(userTicket),
 			  m->get_source(), m->get_source_inst());
-  cout << "ACK Ticket sent to " << m->get_source() << endl;
   
 }
 
-void ClientMonitor::send_ticket(msg_addr_t dest, const entity_inst_t& inst) {
-  cout << "send_ticket to " << dest << " inst " << inst << endl;
-  //messenger->send_message(new MClientAuthUserAck(&userTicket), dest, inst);
-}
-
 /*
 void ClientMonitor::handle_mds_shutdown(Message *m)
 {

branches/aleung/security1/ceph/mon/ClientMonitor.h

@@ -26,6 +26,8 @@ using namespace std;
 #include "crypto/CryptoLib.h"
 using namespace CryptoLib;
 
+#include "crypto/Ticket.h"
+
 class Monitor;
 
 class ClientMonitor : public Dispatcher {
@@ -36,6 +38,7 @@ class ClientMonitor : public Dispatcher {
  private:
   int num_clients;
   map<msg_addr_t,entity_inst_t> client_map;
+  map<uid_t, Ticket*> user_tickets;
 
   void bcast_latest_mds();